monitor and secure your Private cloud with a platform based in your data center.
Private clouds are flexible and scalable, and leverage your existing infrastructure. But a lack of packet-level visibility can complicate things considerably. Without the ability to monitor traffic between virtual machines (VMs) in your private cloud, your security and performance management tools lack the critical data they need to identify attackers and prevent network outages.
When it comes to private cloud environments, eliminating these risky virtual blind spots is critical to protecting your virtual infrastructure. Instead of the pay-as-you-go approach to visibility offered by CloudLens SaaS, CloudLens Self-Hosted runs in your data center — enabling you to supply your monitoring tools with critical packet data from the cloud, even when you are offline.
What You Get
- Virtual Tapping
- Virtual Processing
- Ultimate Flexibility
pick a hypervisor, Any hypervisor
With support for leading hypervisors such as OpenStack KVM, VMware ESXi and NSX, and Microsoft Hyper-V, CloudLens Self-Hosted enables complete visibility into all your private cloud deployments via a single management interface.
Moreover, CloudLens Self-Hosted can be vSwitch/router-agnostic (VSS, vDS) — giving you even more flexibility into how you deploy the platform.
capture inter-vm traffic with vtap
Packet data traveling between VMs is notoriously difficult to capture. However, CloudLens Self-Hosted captures this east-west traffic with its proprietary vTap capability. The platform can virtually tap both inline and out-of-band (OOB) traffic in two modes:
- Tap only: copies and forwards data, similar to a physical tap,
- Tap and filter: copies data and filters it with basic Layer 2 to Layer 4 criteria, so only relevant data is forwarded
Additionally, Cloud Sensor vTaps can access network traffic in environments where your administrators have limited or no hypervisor access, such as with Microsoft Azure Stack. This enables you to achieve true hypervisor-agnostic visibility, since you can run CloudLens vTap sensors in your virtual workloads, filter the tapped traffic with L2 to L4 criteria, and forward packet data to any available interface with GRE tunneling.
As with any Ixia product, management is simple. The easy-to-use CloudLens Sensor Management Platform integrates seamlessly with the CloudLens GUI — enabling you to deploy sensors wherever you need them, even in secure environments or without internet access.
save bandwidth and Reduce latency by filtering at the source
Packet-level cloud visibility makes your tools better, but more data isn't always the answer. Security tools rely on timely, contextual intelligence — and unfiltered packet data can easily lead to false positives or undetected intrusions. While many tools offer intelligent filtering themselves, CloudLens is more efficient. That reduces costs while enabling you to maximize your existing security and monitoring investments.
The only platform that aggregates, filters, and processes packets virtually, CloudLens Self-Hosted offers Ixia's industry-leading visibility intelligence, including NetStack, PacketStack, and AppStack.
With NetStack, you can aggregate, load-balance, and filter traffic with L2 to L4 criteria — similar to what a physical packet broker can offer, but as a set of software agents deployed on your private cloud infrastructure. From there, you can utilize PacketStack and AppStack for more advanced capabilities such as de-duplication, header stripping, signature-based application detection, geolocation, Layer 7-based filtering, threat detection, and NetFlow generation.
easily adaptable for multiple architectures
Because it deploys and runs in your data center, CloudLens Self-Hosted is flexible. This enables you to select the right approach to get the right data to your security and monitoring tools.
- Send tapped traffic directly to virtual tools
- Send L2 to L4 filtered traffic to virtual tools
- Send virtually processed, brokered packets to virtual tools
- Send tapped traffic directly to physical tools
- Send L2 to L4 filtered traffic to physical tools
- Send virtually processed, brokered packets to physical tools
- Send tapped traffic directly to a physical network packet broker, which aggregates, processes, and sends it to tools
- Send L2-L4 filtered traffic to a physical network packet broker, which then aggregates, processes, and sends it to tools
DATA access any time, anywhere
The Risk of Blind Spots in Inter-VM Traffic
A limited view of network traffic makes troubleshooting application performance and network security nearly impossible. Since it's difficult to capture packet data flowing between VMs on the same server, virtual systems like cloud environments are tempting targets for attackers to exploit.
When you need to capture this hard-to-reach data, CloudLens Self-Hosted bridges the gap between your virtual and physical networks — protecting your cloud by extending complete visibility to your virtualized environments and inter-VM traffic.
How easy is it to start using CloudLens?
Watch as one of our senior product managers, Christophe Olivier, configures vTap — enabling private cloud visibility in just a matter of minutes!
CONTAINERS AND KUBERNETES: VISIBILITY THROUGH CLOUDLENS
CloudLens is the first and only solution to deliver packet visibility into containers and Kubernetes clusters across cloud platforms including AWS Elastic Container Service for Kubernetes (EKS), Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE).
Discover how to maximize your APM, NPM, and security tools by establishing packet visibility into your workloads in container-based environments and Kubernetes clusters!
Not only does CloudLens Self-Hosted enable you to capture packet data in your private clouds, it also offers industry-leading virtual packet processing and advanced, Layer 7-based application filtering. Unlike other cloud visibility solutions, we do not require you to backhaul traffic to a physical device (however, we provide the option to do so).
Discover how Ixia’s leading visibility intelligence features can optimize your traffic analysis and security tool performance in physical and cloud environments!
To learn more, click on each stack.
Context-aware, signature-based application layer filtering
- Application identification
- Geolocation & tagging
- Optional RegEx filtering
- IxFlow (NetFlow + metadata)
- Packet capture
- Real-time dashboard
TradeStack capabilities are not available for this network packet broker or this platform at this time — visit the page to learn more.
Marked data feed monitoring
- Gap detection
- Feed and channel health
- High-resolution traffic statistics
- Microburst detection
- Subscription for feed updates
- Simplified feed management